Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: A Referral was Returned From the Server Signed WinBatch Studio
It happens if you try to run an unsigned application (in Vista or newer) that requires elevation, but you have the "User Account Control: Only elevate executables that are signed and validated" policy enabled. Administrators will enable this policy in domain environments if they really want to control which applications users run with administrative privileges.
If the application is a compiled WinBatch script, then you will need to contact your IT department/developer to get it signed. If you’ve been tweaking the Group Policy settings in your domain, go ahead and disable this policy if you want to run the tool.
Note: In July of 2021 Island Lake Consulting LLC switched to DigiCert code-signing certificates and does not use the Thaw certificates mentioned in this article.
If you get this error running WinBatch, WinBatch Studio or any of its tools. Make sure you are running Winbatch 2007B or newer
WinBatch 2007B and newer tools are all signed and manifested.
Reference:
https://blogs.msdn.com/spatdsg/archive/2006/12/20/supportability-and-vista.aspx
If you are running WinBatch 2007B or newer then the WinBatch.exe and WinBatch Studio.exe are both signed and manifested.
If you get this error using WinBatch 2007B or newer, it is probably due to UiAccess beging set to TRUE by default. Since UIAccess is set to true the following must be true:
If you choose to install WinBatch somewhere other than a trusted directory ( NOT Recommended ) then you must use a differently manifested version of the WinBatch tools. For example: WBStudio_AF.exe, WBStudio_IF.exe, WBStudio_HF.exe. These 'differently' manifested version all have uiAccess set to FALSE. Not: this will limit the types of operations that you can script.
Next, try right-clicking on the WinBatch.exe or WinBatch Studio.exe and select 'Properties' then 'Digital Signatures' tab. Select the 'Details' button. It should say 'This digital signature is okay' .
Issue:
The 'Digital Signature Details' dialog says, 'The certificate chain processed, but terminated in a root certificate which
is not trusted by the trust provider'. Further investigation finds 'This certificate cannot be verified up to a trusted
certification authority'.
Cause
This error will occur if the issuer of the currently installed certificate is not present on the client software(i.e. Internet Explorer Browser)
Resolution
WinBatch code signing uses Thawte root certificates. These are installed on most browsers by default. Check that the root
certificate is not deleted from the client software. The root certificates will be installed in the Certfication Authority
certificate stores in the browsers.
In Internet Explorer, go to the menu 'Tools|Internet Options'. Select the 'Content' tab. Select the 'Certificates' button. Select the 'Trusted Root Certification Authorities' tab. Under the 'Issued By' heading look for:
If you need to update your Thawte Root Certificates:
You could do this by going to the Thawte website and downloading the newer 2048 bit public key root certificate. The switch from 1024 to 2048 bit encryption was made after the release of Windows 7 so vendor and corporate installation images sometimes don't have the latest Thawte root certificates installed.
Here is a link to a brief explanation of the certificate change as offered by Thawte.
Also, Windows 7 has a Root Certificate update mechanism that *should* automagically update your Root Certificates as needed. However, this feature can be turned off via group policy.
Article ID: W17484
File Created: 2023:03:02:10:53:20
Last Updated: 2023:03:02:10:53:20